- #3154558 [security] rdefs using default read permissions: just do nothing
- #1681974 cubicweb-ctl shell and migration ignores uid
- #2965518 attribute permissions: have an 'add' permission distinct from 'update'
- #2932033 [security] consider operation checking only in securityafterupdateentity hook
- #2930861 [security] update perms fire on attributes at entity creation time
- #2920304 [security] add a security debugging tool
- #2465904 upgrade weak hashes automatically on login
- #2103684 use passlib (?)
- #1642893 Unauthorized exception gives a 500 error message